All Comments

The smallest hacking tutorial

I present in few lines of this tutorial, how u can bypass theclient-side controle of forms and therefor forcing "unexpected"data to be injected in a data repositoty (R database, XML,files,...) orinstead of, cause an internal Error in the Server (The famous 500).It is very easy but THE IDEA DOES REALLY MATTER.YOU DON'T VERY NEED JAVASCRIPT/HTML KNOWLEDGE,JUST COPY'n'PAST.<strong>THIS TUTORIAL IS JUST FOR EDUCATIONAL AND PREVENTIVE PURPOSE. </strong><strong>I AM NOT RESPONSIBLE FOR ANY DAMAGES RESULTS USING THIS TUTORIAL.</strong>

First : Look for any website that contains a form to be submitted,click on submit button or any thing else that have <em>'submit</em><em> effect'</em><em> </em>(without filling any input) , if popup is showing u <strong>'All fields must...'</strong> or <strong>'Field email must be given'</strong> or somthings else so u may be in good place to begin.

Second : In the File menu of the browser select save as...(keep the original file name). Now you have the page in your Hard Drive.in your file browser right-click on the saved page, select open with, and choose any text editor, now you havethe source of the page.

Third : Find in the source a line starts with <strong>'<Form'</strong>. if you find in thisline <strong>'onSubmit=...' </strong>delete it. If u don't find <strong>'onSubmit=...'</strong> go findthe submit button, you should have in this line <strong>onClick='...' </strong> or/and <strong>type='button' </strong>switch type to <strong>type='submit' </strong>and delete <strong>onClick='...'</strong>.

Forth :Return to the browser and copy the URL from the adress bar.In the source of the page, in the line starting with <strong>'<Form' </strong>u find<strong>'action=agivenpage'</strong>, past just between <strong> '=' </strong> and <strong>'agivenpage'</strong>u will get <strong>'action=TheUrlFromAdressBar/agivenpage'</strong> .Now save the changes and close the editor.NB:If u find <strong>'action'</strong> is given empty or the word <strong>'action'</strong> doesn't existthat means the same page of the Form have the code that process thesubmited data sou will get <strong>'action=TheUrlFromAdressBar/TheSavedPage'</strong>,TheSavedPage is one saved in the HD (don't forget the original name ofthe file).

Fifth: The last action heroDouble click on the page and fill up the fields with unexpected data :an url in the email field for example or just letters in birthday field.CLICK SUBMIT

Start or search

Create a new discussion

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Post type

Subject title

Off Topic

Message Body

Track this discussion and email me when there are updates

Please note: Do not post advertisements, offensive material, profanity, or personal attacks. Please remember to be considerate of other members. If you're new to the TechRepublic Forums, please read our TechRepublic Forums FAQ. All submitted content is subject to our Terms Of Use.